Full-Time Application Security Analyst III – Remote

Job Description

Black Knight is the premier provider of integrated technology, services, data and analytics that lenders and servicers look to first to help successfully manage the entire loan life cycle. Our deep understanding of regulatory and compliance issues complements the knowledge, technology and solutions we offer to help our clients achieve their business goals. Black Knight offers leading software systems; data and analytics offerings; and information solutions that facilitate and automate many of the business processes across the mortgage life cycle.

JOB FAMILY DESCRIPTION Responsible for protecting the company from dynamic and evolving threats. Monitors and researches emerging and advanced information security threats, as well as assesses customer data, investigating repeating trends, attacks, malicious intellectual properties, and other abnormalities. Minimizes data exposure risks by meeting all company and regulatory requirements while developing and implementing business solutions. The Application Security Analyst III will be developing and implementing business solutions to fix and prevent code vulnerabilities with application development teams across the enterprise.

Note: This role is eligible to be remote.

GENERAL DUTIES & RESPONSIBILITIES * Investigates and analyzes events and possible incidents that target the company and pose an imminent risk to the company, its employees and customers. * Plans, directs and facilitates response and recovery activities in response to a threat in software applications. * Provides consulting services with software development teams on code vulnerabilities and completes interpretations of the risk to the company and clients. * Conducts scan reviews and provides recommendations to management regarding filters, blocking, vulnerability remediation, etc. * Researches hackers and hacker techniques and provides detailed briefings and intelligence reports to management. * Conducts analysis of intelligence data as it pertains to the application security of the Client. * Collaborates with intrusion analysts to identify, report on, and coordinate remediation of threats to the company and its clients. * Conducts Security vulnerability assessments of Web, Desktop Applications, and Web Services. * Performs other related duties as assigned.

GENERAL KNOWLEDGE, SKILLS & ABILITIES * Strong knowledge in Secure Software Development and Secure Coding best practices * Experience with enterprise risk assessment methodologies * Knowledge of common application vulnerabilities (OWASP Top 10) * Ability to evaluate information security risk implications * Knowledge of hacker methodologies and tactics, system vulnerabilities and key indicators of attacks and exploits * Experience with either Java and/or .NET (C#) development languages and code strongly preferred * Knowledge of Static Application Security Testing (SASP) tools such as Veracode, Qualys, or Fortify is a plus * Knowledge of relevant legal and regulatory requirements * Knowledge of common information security management frameworks * Experience working with a diverse range of data sources/streams and managing these effectively * Excellent analytical, decision-making and problem-solving skills with proficiency in project management * Strong understanding of developing and deploying analytical tools and technologies to cybersecurity challenges * Ability to apply formal intelligence analysis methods, develop hypothesis, prove/disprove relationships, defend the analysis, and apply attribution to cyber threat activity * Knowledge of computer network defense operations (e.g., proxy, firewall, IDS/IPS, router/switch, open source information collection, etc.) * Ability to develop partnership-oriented relationships with business executives and functional leaders * Strong background in security operations, process, solutions and technologies * Working knowledge of Linux, Windows, and Network Operating Systems * Experience with current cyber threats and the associated tactics, techniques, and procedures used to infiltrate computer networks * Must be able to multitask in a fast-paced environment with focus on timeliness, documentation, and communications with peers and business users alike * Ability to communicate well both verbally and in writing to technical and non-technical audiences of various levels within Black Knight or outside the organization (executives, regulators, clients, etc.) * Results oriented, business focused, and successful at interfacing across multiple organizational units

JOB FAMILY LEVEL Advanced professional role. Performs work that is moderate to highly complex and varied in nature. Develops integrated solutions to resolve technical and business issues. Provides direction, guidance and integration of services. May lead multiple IT security projects or participate as a team member. Works on small to large, moderately complex security issues or projects that require expertise in multiple IT functional areas. Requires significant knowledge of security issues, techniques and implications across all existing computer platforms. May serve as a project leader for IT security projects or the security components of multi-discipline projects. Must have significant knowledge in networking, databases, systems and/or Web operations. May coach and guide more junior staff. Typically requires six (6) or more years of combined IT and security work experience with extensive exposure conducting network security vulnerability a ssessments, penetration testing, or other related experience using advanced networking tools and security solutions as well as non-traditional techniques and methodologies and at least four (4) or more years of experience intelligence collection, analysis, and reporting process/procedures.

Pink Jobs

Welcome to Pink Jobs, the LGBT friendly job vacancy website. Use the search bar at the top of this page to search for positions of employment near you. The location box will come up with suggestions for areas based on what you have typed, and we will soon be implementing a job suggestion feature that gives you a drop-down full of ideas that you could search for. It functions in a very similar way to other job sites by letting you join as a member and list your resume/CV for recruiters to browse.

We want this site to enable lesbian, gay, bisexual, and transgender friendly individuals and employers to locate candidates and jobs near to them. Hopefully we are providing you the tools to do this. The site also includes information about Pink Jobs, enables you to contact us, and also provides information of gay jobs, employment, and friendly employers.